ITS 3250 - Security Policies and Auditing

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.

  1. How are Linux and UNIX related?

  2. What version of Linux did I call Red Hat Experimental? Why?

  3. Our text discussed the Parkerian Hexad, which adds three more concepts to the CIA standard. What are they?

  4. What does it mean to do a core installation of Linux? What are a couple of things you don't get with a core installation?

  5. What is the problem with iptables if you are using it on a virtual server?

  6. What is the value in being able to boot a machine from a copy of Linux on a USB memory stick? What is the danger in it?

  7. What is a daemon, other than the captain of a Ferengi starship? (OK, Daimon, but they can sound the same.)

  8. What is the purpose of the sudo command in Linux?

  9. What is the primary purpose of the /etc/shadow file in Linux? What are the other files in the shadow suite?

  10. What does a command that starts with su -c do?

  11. In Rob Joyce's video presentation (shown in lesson 10), he called the last phase of an intrusion "Collect, Exfil, and Exploit". What did he mean by this phrase?

  12. If you have not looked at these tech news sites lately, look at them now: Ars Technica, TechRadar, Slashdot. Which seem more likely to have news on tech issues, tech problems, and tech toys?

  13. Assume that you are going to use firewalld, maybe because you like its GUI better. What are four words that could each replace the blank in the following command template, and what would each word cause the command to do?

    systemctl __________ firewalld.service

  14. Assuming you have the right to execute it, what would the following command do?

    firewall-cmd --panic-on

  15. You should take a look at this material on mitigations. It is not on the test, but it is useful to look it over: https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf?v=1


  16. What is the name of the GUI for firewalld?

  17. What is the name of the command line interface for firewalld?

  18. What does our text mean by the concept it calls a super server? What is the name of the super server the text discussed?

  19. What is the more common name for the Grand Unified Bootloader? What value does it provide?

  20. What kind of things do we expect to find in the /etc/login.defs file? Give an example.

  21. What practical matter does GRUB2 address that the original version of that program did not?

  22. What do you expect to find in the /var/log folder? Name an item of use to administrators.

  23. What file does the sudo command automatically read? How can the contents of that file help with managing your network?

  24. So, which is your favorite tech news site? (No, this is not an opening line. Only a nerd would think it could be...)